[Ollie88]

Recently I had a problem with my PC and managed to fix it myself using 'Computer Management' under the Services tab (This is on Windows XP), but ever since then the System32 Folder always opens on LogIn. I know it's nothing to to with the registry because theres no erroneous entries. I guess it's to do with one of the Services I altered, just insure which one. It's just an annoyance as it's the same everytime someone logs on.

Thanks

[Advertisements]

Hi Ollie88!

Have you gone to START-->RUN and typed msconfig and clicked on the STARTUP tab in the new window that appears and tried to locate the offending entry and unchecking it?

Fenor

[Fenor]

Hi Ollie88!

Have you gone to START-->RUN and typed msconfig and clicked on the STARTUP tab in the new window that appears and tried to locate the offending entry and unchecking it?

Fenor

[Ollie88]

Yes I have done that but theres no command that would make the System32 Folder startup every single time.

Anyone Else? Help would be appreciated.

Thanks

[Fenor]

Lets take a look at what is starting up when your computer does. Please download HiJackThis (from the link in my signature) Install it, and double-click on the HiJackThis.exe icon. On the first screen click on Open the Misc Tools Section...on the next screen, click on the Generate StartupList log button and post a copy of the log here. You need not check either of the boxes next to this button.

Fenor

[Ollie88]

Here it is: -

StartupList report, 13/02/2006, 13:40:19
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Oliver\Desktop\hijackthis[1]\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1134390626\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1134390626\ee\AOLServiceHost.exe
c:\program files\common files\aol\1134390626\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1134390626\ee\AOLServiceHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Oliver\Desktop\hijackthis[1]\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
SiS KHooker = C:\WINDOWS\System32\khooker.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
VCSPlayer = "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
%FP%Friendly fts.exe = "C:\Program Files\Voyager100Test\fts.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
HostManager = C:\Program Files\Common Files\AOL\1134390626\ee\AOLHostManager.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - {e0103cd4-d1ce-411a-b75b-4fec072867f4}

--------------------------------------------------

Enumerating Task Scheduler jobs:

A820747791C3EDA7.job
rundll32.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...kr.cab28578.cab

[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ipixx.ocx
CODEBASE = http://www.ipix.com/viewers/ipixx.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zon...nt.cab30149.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.micr...b?1083416686310

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...er.cab28177.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.syma...bin/AvSniff.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yaho...s/yinst0401.cab

[PatchInstaller.Installer]
InProcServer32 = C:\WINDOWS\System32\XPPatchInstaller.dll
CODEBASE = file://D:\content\include\XPPatchInstaller.CAB

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE = http://aolcc.aolsvc....kup/qdiagcc.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1124904825421

[MSSecurityAdvisorCD Class]
InProcServer32 = C:\WINDOWS\System32\mssecucd.dll
CODEBASE = file://D:\Content\include\msSecUcd.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab28177.cab

[CamImage Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
CODEBASE = http://24.120.32.163...sCamControl.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...8089.3312152778

[SassCln Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SassCln.dll
CODEBASE = http://www.microsoft.../20/SassCln.CAB

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zon...ro.cab30149.cab

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.c...utocomplete.cab

[RealArcadeRdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RealArcadeRdxIE.dll
CODEBASE = http://games-dl.real...ArcadeRdxIE.cab

[CBreakshotControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Banksht2.dll
CODEBASE = http://messenger.zon...ot.cab30149.cab

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[{DC187740-46A9-11D5-A815-00B0D0428C0C}]
CODEBASE = http://ds1.downloadt...pcpowerscan.cab

[ZoneChess Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Chess.ocx
CODEBASE = http://messenger.zon...ss.cab30149.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

wininet.dll =

--------------------------------------------------

End of report, 9,910 bytes
Report generated in 0.297 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[Fenor]

There are quite a few entries that are not necessarily needed to start when yoru computer does, but they wouldn't be causing this problem.

Here are a couple things you can try:

1.) Please download the file located HERE to somewhere on your computer where you will remember its location. Then find the file on your computer and double-click it to run it. Click YES to the warning: To work correctly, the script will close and restart the Windows Explorer shell. This will not harm your system. Continue?. when it's done, reboot your computer.

2.) Microsoft has a Knowledge Base article, found HERE, that deals with this exact issue.

If neither of these work, then we will try other options, which would include disabling all startup entries that don't need to be run, etc...

REMEMBER TO BACKUP THE REGISTRY BEFORE EDITTING IT WHEN GOING THROUGH THE MICROSOFT KNOWLEDGE BASE ARTICLE!

Fenor

Edited by Fenor, 13 February 2006 - 08:14 AM.

[Ollie88]

Neither of the options you mentioned worked. I had found the Microsoft article earlier, but tried it again as you insisted. What next?

Thanks.

Edited by Ollie88, 13 February 2006 - 12:11 PM.

[Fenor]

Okay, lets start disabling the startup items that don't need to start when your computer does. Go to STARt-->RUN and type msconfig and uncheck the boxes that correspond to the follow entries:

• QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
• VCSPlayer = "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
• AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
• REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
• %FP%Friendly fts.exe = "C:\Program Files\Voyager100Test\fts.exe"
• SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
• MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
• HostManager = C:\Program Files\Common Files\AOL\1134390626\ee\AOLHostManager.exe

Once done, click OK and click RESTART NOW. Once your computer has rebooted, you will see a window appear saying you are running selective startup, check the box saying do not show this window again and click OK.

Did the system32 window open when your computer rebooted?

Fenor

[Fenor]

Another thing to check. Go to START-->ALL PROGRMAS-->STARTUP. What is listed there if anything?

Also check and see what entries are listed in the following folders:

• C:\Documents and Settings\All Users\Start Menu\Programs\Startup
• C:\Documents and Settings\<username>\Start Menu\Programs\Startup

Fenor

[Ollie88]

I have unchecked the Startup items you had listed and the System32 Folder still came up. There are no items in the Startup folders for any users. It's only been doing it for two days, right after I changed some of the services, which is why I'm sure it's one of those, because its never done it up until that point. Any ideas?

Thanks

[gerryf]

Start > run
regedit
<enter>

navigate to
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

anything in there? wininit.exe =, perhaps?

[Ollie88]

I went to HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run in the registry and found wininet.dll. Is that anything to do with the entry you said about?

[Fenor]

I did alot of research the other day on your problem and I think I may have found the solution. Please do the following:

LEFT click and drag the cursor over all the lines inside the quotebox below to hilight them starting with @echo off; then Copy & Paste the contents onto Notepad. Click file>save>type "runs.bat" as the name and save to your desktop. NOTE you MUST use the quotes in the name as I did else the file type will be wrong and won't run.

@echo off
if exist "%SystemDrive%\rep.txt" del "%SystemDrive%\rep.txt"
Regedit /e %SystemDrive%\LM.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
Regedit /e %SystemDrive%\CU.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
type %SystemDrive%\LM.txt>>%SystemDrive%\rep.txt
echo ****************************************************************************>>c:\rep.txt
type %SystemDrive%\CU.txt>>%SystemDrive%\rep.txt
del %SystemDrive%\LM.txt
del %SystemDrive%\CU.txt
echo Go to C:\rep.txt and post a copy back to Fenor in the forum (thanks to jwbirdsong for this script)
pause

Fenor

Edited by Fenor, 14 February 2006 - 07:40 AM.

[Ollie88]

Do I have to copy the whole quote including the bit that says 'post a copy back to Fenor in the forum (thanks to jwbirdsong for this script)', because that bit looks like it doesn't belong there.

Thanks

[Fenor]

@echo off
if exist "%SystemDrive%\rep.txt" del "%SystemDrive%\rep.txt"
Regedit /e %SystemDrive%\LM.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
Regedit /e %SystemDrive%\CU.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
type %SystemDrive%\LM.txt>>%SystemDrive%\rep.txt
echo ****************************************************************************>>c:\rep.txt
type %SystemDrive%\CU.txt>>%SystemDrive%\rep.txt
del %SystemDrive%\LM.txt
del %SystemDrive%\CU.txt
echo Go to C:\rep.txt and post a copy back to Fenor in the forum (thanks to jwbirdsong for this script)
pause